admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:33:44 +00:00
parent 45c61824d6
commit 5fd02a659f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4386 additions and 4386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2005/0xxx/CVE-2005-0266.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0266", "ID": "CVE-2005-0266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050101 Cross Site Scripting Vulnerabilities and Possible Code Execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110461706232174&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter."
{ }
"name" : "12113", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12113" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sugar-sales-index-xss(18719)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18719" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050101 Cross Site Scripting Vulnerabilities and Possible Code Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110461706232174&w=2"
},
{
"name": "12113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12113"
},
{
"name": "sugar-sales-index-xss(18719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18719"
}
]
}
}

190
2005/0xxx/CVE-2005-0413.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0413", "ID": "CVE-2005-0413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050209 Several SQL injection bugs in myPHP Forum v.1.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/lists/bugtraq/2005/Feb/0125.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier."
{ }
"name" : "4822", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/4822" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12501", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12501" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27083", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27083" ]
}, },
{ "references": {
"name" : "1013136", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013136" "name": "12501",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12501"
"name" : "14205", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14205" "name": "4822",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4822"
"name" : "myphpforum-multiple-sql-injection(19272)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19272" "name": "27083",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27083"
"name" : "myphpforum-member-sql-injection(39348)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39348" "name": "myphpforum-multiple-sql-injection(19272)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19272"
} },
} {
"name": "20050209 Several SQL injection bugs in myPHP Forum v.1.0",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Feb/0125.html"
},
{
"name": "1013136",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013136"
},
{
"name": "myphpforum-member-sql-injection(39348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39348"
},
{
"name": "14205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14205"
}
]
}
}

170
2005/0xxx/CVE-2005-0802.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0802", "ID": "CVE-2005-0802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050317 XSS in ACS blog", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111108840811698&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter."
{ }
"name" : "12836", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12836" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14861", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/14861" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013470", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013470" ]
}, },
{ "references": {
"name" : "14625", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14625/" "name": "14861",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/14861"
"name" : "acs-blog-search-xss(19728)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19728" "name": "acs-blog-search-xss(19728)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19728"
} },
} {
"name": "1013470",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013470"
},
{
"name": "12836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12836"
},
{
"name": "14625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14625/"
},
{
"name": "20050317 XSS in ACS blog",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111108840811698&w=2"
}
]
}
}

180
2005/0xxx/CVE-2005-0977.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0977", "ID": "CVE-2005-0977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FLSA:157459-3", "description_data": [
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" "lang": "eng",
}, "value": "The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address."
{ }
"name" : "RHSA-2005:366", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-103-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/103-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg", ]
"refsource" : "CONFIRM", }
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg" ]
}, },
{ "references": {
"name" : "http://lkml.org/lkml/2005/2/5/111", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://lkml.org/lkml/2005/2/5/111" "name": "oval:org.mitre.oval:def:10400",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10400"
"name" : "12970", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12970" "name": "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg",
}, "refsource": "CONFIRM",
{ "url": "http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg"
"name" : "oval:org.mitre.oval:def:10400", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10400" "name": "RHSA-2005:366",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html"
} },
} {
"name": "USN-103-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/103-1/"
},
{
"name": "12970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12970"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "http://lkml.org/lkml/2005/2/5/111",
"refsource": "CONFIRM",
"url": "http://lkml.org/lkml/2005/2/5/111"
}
]
}
}

200
2005/1xxx/CVE-2005-1636.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1636", "ID": "CVE-2005-1636",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=111632686805498&w=2" "lang": "eng",
}, "value": "mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents."
{ }
"name" : "http://www.zataz.net/adviso/mysql-05172005.txt", ]
"refsource" : "MISC", },
"url" : "http://www.zataz.net/adviso/mysql-05172005.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2006:045", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:045" ]
}, },
{ "references": {
"name" : "RHSA-2005:685", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-685.html" "name": "http://www.zataz.net/adviso/mysql-05172005.txt",
}, "refsource": "MISC",
{ "url": "http://www.zataz.net/adviso/mysql-05172005.txt"
"name" : "13660", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13660" "name": "15369",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15369"
"name" : "oval:org.mitre.oval:def:9504", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504" "name": "17080",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17080"
"name" : "15369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15369" "name": "20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=111632686805498&w=2"
"name" : "17080", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17080" "name": "13660",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/13660"
} },
} {
"name": "oval:org.mitre.oval:def:9504",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688"
},
{
"name": "MDKSA-2006:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:045"
},
{
"name": "RHSA-2005:685",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-685.html"
}
]
}
}

130
2005/1xxx/CVE-2005-1846.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secteam@freebsd.org",
"ID" : "CVE-2005-1846", "ID": "CVE-2005-1846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options."
{ }
"name" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html",
"refsource": "CONFIRM",
"url": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html"
},
{
"name": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html"
}
]
}
}

180
2005/3xxx/CVE-2005-3096.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3096", "ID": "CVE-2005-3096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cirt.net/advisories/alkalay.shtml", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cirt.net/advisories/alkalay.shtml" "lang": "eng",
}, "value": "Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter."
{ }
"name" : "http://www.alkalay.net/software", ]
"refsource" : "MISC", },
"url" : "http://www.alkalay.net/software" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14893", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14893" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-1809", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/1809" ]
}, },
{ "references": {
"name" : "19520", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19520" "name": "19520",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/19520"
"name" : "16880", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16880" "name": "http://www.cirt.net/advisories/alkalay.shtml",
}, "refsource": "MISC",
{ "url": "http://www.cirt.net/advisories/alkalay.shtml"
"name" : "nslookup-command-injection(22354)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22354" "name": "16880",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16880"
} },
} {
"name": "http://www.alkalay.net/software",
"refsource": "MISC",
"url": "http://www.alkalay.net/software"
},
{
"name": "14893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14893"
},
{
"name": "nslookup-command-injection(22354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22354"
},
{
"name": "ADV-2005-1809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1809"
}
]
}
}

160
2005/4xxx/CVE-2005-4022.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4022", "ID": "CVE-2005-4022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the \"Add Image From Web\" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051130 Gallery 2.x Security Advisory", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/418200/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the \"Add Image From Web\" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag."
{ }
"name" : "15614", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15614" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2681", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2681" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21221", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21221" ]
}, },
{ "references": {
"name" : "17747", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17747" "name": "21221",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/21221"
} },
} {
"name": "17747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17747"
},
{
"name": "15614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"name": "20051130 Gallery 2.x Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name": "ADV-2005-2681",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
]
}
}

130
2005/4xxx/CVE-2005-4300.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4300", "ID": "CVE-2005-4300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051216 ZRCSA-200505: libremail - \"pop.c\" Format String Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419639/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response."
{ }
"name" : "15906", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15906" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051216 ZRCSA-200505: libremail - \"pop.c\" Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419639/100/0/threaded"
},
{
"name": "15906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15906"
}
]
}
}

170
2005/4xxx/CVE-2005-4343.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4343", "ID": "CVE-2005-4343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html" "lang": "eng",
}, "value": "Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka \"CFMAIL injection Vulnerability\"."
{ }
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15904", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15904" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2948", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2948" ]
}, },
{ "references": {
"name" : "1015369", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015369" "name": "18078",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18078"
"name" : "18078", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18078" "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
} "refsource": "CONFIRM",
] "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
} },
} {
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}

160
2005/4xxx/CVE-2005-4596.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4596", "ID": "CVE-2005-4596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter."
{ }
"name" : "16090", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16090" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22111", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22111" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18244", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18244" ]
}, },
{ "references": {
"name" : "adesguestbook-read-xss(23909)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23909" "name": "22111",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22111"
} },
} {
"name": "18244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18244"
},
{
"name": "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/adesguestbook-xss-vuln.html"
},
{
"name": "16090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16090"
},
{
"name": "adesguestbook-read-xss(23909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23909"
}
]
}
}

160
2005/4xxx/CVE-2005-4767.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4767", "ID": "CVE-2005-4767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "BEA05-107.00", "description_data": [
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/161" "lang": "eng",
}, "value": "BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password."
{ }
"name" : "BEA06-107.01", ]
"refsource" : "BEA", },
"url" : "http://dev2dev.bea.com/pub/advisory/178" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15052", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15052" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17168", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17168" ]
}, },
{ "references": {
"name" : "17138", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17138" "name": "15052",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15052"
} },
} {
"name": "BEA05-107.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/161"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
},
{
"name": "BEA06-107.01",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/178"
},
{
"name": "17168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17168"
}
]
}
}

180
2009/0xxx/CVE-2009-0042.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0042", "ID": "CVE-2009-0042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500417/100/0/threaded" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file."
{ }
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx", ]
"refsource" : "CONFIRM", },
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33464", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33464" ]
}, },
{ "references": {
"name" : "ADV-2009-0270", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0270" "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601",
}, "refsource": "CONFIRM",
{ "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
"name" : "1021639", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021639" "name": "ADV-2009-0270",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0270"
"name" : "ca-antivirus-engine-security-bypass(48261)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261" "name": "ca-antivirus-engine-security-bypass(48261)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
} },
} {
"name": "33464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33464"
},
{
"name": "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"name": "1021639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021639"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
}
]
}
}

210
2009/0xxx/CVE-2009-0083.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2009-0083", "ID": "CVE-2009-0083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka \"Windows Kernel Invalid Pointer Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm" "lang": "eng",
}, "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka \"Windows Kernel Invalid Pointer Vulnerability.\""
{ }
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=", ]
"refsource" : "CONFIRM", },
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS09-006", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA09-069A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" ]
}, },
{ "references": {
"name" : "34025", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34025" "name": "TA09-069A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-069A.html"
"name" : "52524", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52524" "name": "MS09-006",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006"
"name" : "oval:org.mitre.oval:def:5440", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440" "name": "34025",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34025"
"name" : "1021827", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021827" "name": "1021827",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021827"
"name" : "34117", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34117" "name": "34117",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34117"
"name" : "ADV-2009-0659", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0659" "name": "oval:org.mitre.oval:def:5440",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440"
} },
} {
"name": "52524",
"refsource": "OSVDB",
"url": "http://osvdb.org/52524"
},
{
"name": "ADV-2009-0659",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0659"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-079.htm"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid="
}
]
}
}

140
2009/0xxx/CVE-2009-0182.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0182", "ID": "CVE-2009-0182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7695", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7695" "lang": "eng",
}, "value": "Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line."
{ }
"name" : "4923", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4923" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vuplayer-fileline-bo(48170)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48170" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "7695",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7695"
},
{
"name": "vuplayer-fileline-bo(48170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48170"
},
{
"name": "4923",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4923"
}
]
}
}

250
2009/0xxx/CVE-2009-0749.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0749", "ID": "CVE-2009-0749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090224 CVE request: optipng security release", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/02/24/2" "lang": "eng",
}, "value": "Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed."
{ }
"name" : "[oss-security] 20090225 Re: CVE request: optipng security release", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/02/25/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://optipng.sourceforge.net", "description": [
"refsource" : "CONFIRM", {
"url" : "http://optipng.sourceforge.net" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913" ]
}, },
{ "references": {
"name" : "GLSA-200903-12", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml" "name": "34201",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34201"
"name" : "SUSE-SR:2009:006", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" "name": "34259",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34259"
"name" : "SUSE-SR:2009:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" "name": "34035",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34035"
"name" : "33873", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33873" "name": "33873",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33873"
"name" : "34035", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34035" "name": "SUSE-SR:2009:006",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
"name" : "34201", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34201" "name": "ADV-2009-0510",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0510"
"name" : "34259", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34259" "name": "http://optipng.sourceforge.net",
}, "refsource": "CONFIRM",
{ "url": "http://optipng.sourceforge.net"
"name" : "35685", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35685" "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=2582013&group_id=151404&atid=780913"
"name" : "ADV-2009-0510", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0510" "name": "35685",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35685"
"name" : "optipng-gifreadnextextension-code-execution(48879)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879" "name": "SUSE-SR:2009:012",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
} },
} {
"name": "[oss-security] 20090224 CVE request: optipng security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/24/2"
},
{
"name": "[oss-security] 20090225 Re: CVE request: optipng security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/25/4"
},
{
"name": "GLSA-200903-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-12.xml"
},
{
"name": "optipng-gifreadnextextension-code-execution(48879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48879"
}
]
}
}

220
2009/0xxx/CVE-2009-0872.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0872", "ID": "CVE-2009-0872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1" "lang": "eng",
}, "value": "The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "253588", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34063", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34063" ]
}, },
{ "references": {
"name" : "52559", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52559" "name": "253588",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1"
"name" : "1021833", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021833" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm"
"name" : "34213", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34213" "name": "52559",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/52559"
"name" : "34429", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34429" "name": "1021833",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1021833"
"name" : "ADV-2009-0658", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0658" "name": "solaris-nfssec-unauthorized-access(49170)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49170"
"name" : "ADV-2009-0798", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0798" "name": "ADV-2009-0658",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0658"
"name" : "solaris-nfssec-unauthorized-access(49170)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49170" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1",
} "refsource": "CONFIRM",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1"
} },
} {
"name": "34063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34063"
},
{
"name": "34429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34429"
},
{
"name": "34213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34213"
},
{
"name": "ADV-2009-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0798"
}
]
}
}

190
2009/0xxx/CVE-2009-0971.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0971", "ID": "CVE-2009-0971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.futomi.com/library/info/2009/20090316.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.futomi.com/library/info/2009/20090316.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
{ }
"name" : "JVN#23558374", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN23558374/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2009-000015", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34123", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34123" ]
}, },
{ "references": {
"name" : "52802", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52802" "name": "http://www.futomi.com/library/info/2009/20090316.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.futomi.com/library/info/2009/20090316.html"
"name" : "34271", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34271" "name": "34123",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34123"
"name" : "ADV-2009-0737", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0737" "name": "34271",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34271"
"name" : "cgicafe-unspecified-xss(49264)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49264" "name": "JVNDB-2009-000015",
} "refsource": "JVNDB",
] "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html"
} },
} {
"name": "ADV-2009-0737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0737"
},
{
"name": "52802",
"refsource": "OSVDB",
"url": "http://osvdb.org/52802"
},
{
"name": "JVN#23558374",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23558374/index.html"
},
{
"name": "cgicafe-unspecified-xss(49264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49264"
}
]
}
}

160
2009/1xxx/CVE-2009-1332.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1332", "ID": "CVE-2009-1332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "255848", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1" "lang": "eng",
}, "value": "The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors."
{ }
"name" : "34548", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53800", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53800" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34751", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/34751" ]
}, },
{ "references": {
"name" : "ADV-2009-1059", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1059" "name": "34548",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34548"
} },
} {
"name": "53800",
"refsource": "OSVDB",
"url": "http://osvdb.org/53800"
},
{
"name": "ADV-2009-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1059"
},
{
"name": "34751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34751"
},
{
"name": "255848",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1"
}
]
}
}

150
2009/1xxx/CVE-2009-1953.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1953", "ID": "CVE-2009-1953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21389281", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21389281" "lang": "eng",
}, "value": "IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors."
{ }
"name" : "35228", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35228" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35347", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35347" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-1512", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/1512" ]
} },
] "references": {
} "reference_data": [
} {
"name": "35228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35228"
},
{
"name": "35347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35347"
},
{
"name": "ADV-2009-1512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1512"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21389281",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21389281"
}
]
}
}

130
2009/3xxx/CVE-2009-3055.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3055", "ID": "CVE-2009-3055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9572", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9572" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter."
{ }
"name" : "36212", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36212" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36212"
},
{
"name": "9572",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9572"
}
]
}
}

260
2009/3xxx/CVE-2009-3896.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3896", "ID": "CVE-2009-3896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=nginx&m=125692080328141&w=2" "lang": "eng",
}, "value": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI."
{ }
"name" : "[oss-security] 20091120 CVE Assignment nginx", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/11/20/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20091120 CVEs for nginx", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/11/20/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20091123 Re: CVEs for nginx", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/11/23/10" ]
}, },
{ "references": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035"
"name" : "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz", },
"refsource" : "CONFIRM", {
"url" : "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" "name": "FEDORA-2009-12750",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
"name" : "http://sysoev.ru/nginx/patch.null.pointer.txt", },
"refsource" : "CONFIRM", {
"url" : "http://sysoev.ru/nginx/patch.null.pointer.txt" "name": "36839",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36839"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=539565", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=539565" "name": "[oss-security] 20091123 Re: CVEs for nginx",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
"name" : "DSA-1920", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1920" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=539565",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565"
"name" : "FEDORA-2009-12750", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" "name": "FEDORA-2009-12775",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
"name" : "FEDORA-2009-12775", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" "name": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz",
}, "refsource": "CONFIRM",
{ "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz"
"name" : "FEDORA-2009-12782", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" "name": "FEDORA-2009-12782",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
"name" : "GLSA-201203-22", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201203-22.xml" "name": "DSA-1920",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1920"
"name" : "36839", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36839" "name": "48577",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48577"
"name" : "48577", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48577" "name": "[oss-security] 20091120 CVE Assignment nginx",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6"
} },
} {
"name": "http://sysoev.ru/nginx/patch.null.pointer.txt",
"refsource": "CONFIRM",
"url": "http://sysoev.ru/nginx/patch.null.pointer.txt"
},
{
"name": "[oss-security] 20091120 CVEs for nginx",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"name": "GLSA-201203-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.",
"refsource": "MLIST",
"url": "http://marc.info/?l=nginx&m=125692080328141&w=2"
}
]
}
}

360
2009/3xxx/CVE-2009-3986.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3986", "ID": "CVE-2009-3986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522430", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522430" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546724", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546724" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1956", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2009/dsa-1956" ]
}, },
{ "references": {
"name" : "FEDORA-2009-13333", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" "name": "37704",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37704"
"name" : "FEDORA-2009-13362", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" "name": "oval:org.mitre.oval:def:8489",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489"
"name" : "FEDORA-2009-13366", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" "name": "37699",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37699"
"name" : "RHSA-2009:1674", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" "name": "oval:org.mitre.oval:def:11568",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568"
"name" : "SUSE-SA:2009:063", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" "name": "ADV-2009-3547",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3547"
"name" : "USN-873-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-873-1" "name": "37881",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37881"
"name" : "USN-874-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-874-1" "name": "FEDORA-2009-13362",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html"
"name" : "37349", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37349" "name": "37785",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37785"
"name" : "37365", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37365" "name": "1023345",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023345"
"name" : "oval:org.mitre.oval:def:11568", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-70.html"
"name" : "oval:org.mitre.oval:def:8489", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489" "name": "USN-874-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-874-1"
"name" : "1023344", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023344" "name": "37813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37813"
"name" : "1023345", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023345" "name": "FEDORA-2009-13333",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html"
"name" : "37699", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37699" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=522430",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=522430"
"name" : "37704", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37704" "name": "USN-873-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-873-1"
"name" : "37785", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37785" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546724",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724"
"name" : "37813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37813" "name": "37365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37365"
"name" : "37856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37856" "name": "37349",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37349"
"name" : "37881", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37881" "name": "RHSA-2009:1674",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html"
"name" : "ADV-2009-3547", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3547" "name": "FEDORA-2009-13366",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html"
"name" : "firefox-windowopener-code-execution(54803)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54803" "name": "DSA-1956",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2009/dsa-1956"
} },
} {
"name": "37856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37856"
},
{
"name": "1023344",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023344"
},
{
"name": "firefox-windowopener-code-execution(54803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54803"
},
{
"name": "SUSE-SA:2009:063",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html"
}
]
}
}

200
2009/4xxx/CVE-2009-4014.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4014", "ID": "CVE-2009-4014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html" "lang": "eng",
}, "value": "Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module."
{ }
"name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", ]
"refsource" : "CONFIRM", },
"url" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", ]
"refsource" : "CONFIRM", }
"url" : "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog" ]
}, },
{ "references": {
"name" : "DSA-1979", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-1979" "name": "38379",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38379"
"name" : "USN-891-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-891-1" "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
}, "refsource": "CONFIRM",
{ "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
"name" : "37975", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37975" "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
}, "refsource": "MLIST",
{ "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
"name" : "38375", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38375" "name": "38375",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38375"
"name" : "38379", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38379" "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
} "refsource": "CONFIRM",
] "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
} },
} {
"name": "DSA-1979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"name": "37975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37975"
},
{
"name": "USN-891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
]
}
}

160
2009/4xxx/CVE-2009-4362.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4362", "ID": "CVE-2009-4362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IZ66918", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ66918" "lang": "eng",
}, "value": "Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information."
{ }
"name" : "IZ66967", ]
"refsource" : "AIXAPAR", },
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ66967" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37412", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37412" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37833", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/37833" ]
}, },
{ "references": {
"name" : "ADV-2009-3600", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3600" "name": "IZ66918",
} "refsource": "AIXAPAR",
] "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ66918"
} },
} {
"name": "37833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37833"
},
{
"name": "37412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37412"
},
{
"name": "ADV-2009-3600",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3600"
},
{
"name": "IZ66967",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ66967"
}
]
}
}

140
2009/4xxx/CVE-2009-4726.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4726", "ID": "CVE-2009-4726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9334", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9334" "lang": "eng",
}, "value": "Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
{ }
"name" : "36130", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/36130" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-2126", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2126" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "9334",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9334"
},
{
"name": "ADV-2009-2126",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2126"
},
{
"name": "36130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36130"
}
]
}
}

120
2009/4xxx/CVE-2009-4961.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4961", "ID": "CVE-2009-4961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9490", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9490" "lang": "eng",
} "value": "Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9490",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9490"
}
]
}
}

190
2012/2xxx/CVE-2012-2705.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2705", "ID": "CVE-2012-2705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" "lang": "eng",
}, "value": "The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter."
{ }
"name" : "http://drupal.org/node/1585564", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1585564" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1568216", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1568216" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a" ]
}, },
{ "references": {
"name" : "53592", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53592" "name": "82006",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/82006"
"name" : "82006", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/82006" "name": "53592",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53592"
"name" : "49163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49163" "name": "http://drupal.org/node/1568216",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/node/1568216"
"name" : "smartbreadcrumb-filtertitles-xss(75713)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75713" "name": "smartbreadcrumb-filtertitles-xss(75713)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75713"
} },
} {
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "49163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49163"
},
{
"name": "http://drupal.org/node/1585564",
"refsource": "MISC",
"url": "http://drupal.org/node/1585564"
},
{
"name": "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a"
}
]
}
}

150
2012/2xxx/CVE-2012-2706.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2706", "ID": "CVE-2012-2706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration."
{ }
"name" : "http://drupal.org/node/1585648", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1585648" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53589", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53589" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "postaffiliatepro-registration-xss(75716)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75716" ]
} },
] "references": {
} "reference_data": [
} {
"name": "53589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53589"
},
{
"name": "postaffiliatepro-registration-xss(75716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75716"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupal.org/node/1585648",
"refsource": "MISC",
"url": "http://drupal.org/node/1585648"
}
]
}
}

140
2012/2xxx/CVE-2012-2930.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2930", "ID": "CVE-2012-2930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB23093", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23093" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php."
{ }
"name" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "82961", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/82961" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html",
"refsource": "CONFIRM",
"url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23093",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23093"
},
{
"name": "82961",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/82961"
}
]
}
}

34
2012/6xxx/CVE-2012-6025.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6025", "ID": "CVE-2012-6025",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2012/6xxx/CVE-2012-6041.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6041", "ID": "CVE-2012-6041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120112 GreenBrowser iframe content Double Free Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0079.html" "lang": "eng",
}, "value": "Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe."
{ }
"name" : "51393", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51393" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "greenbrowser-shortcut-code-execution(72351)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72351" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "greenbrowser-shortcut-code-execution(72351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72351"
},
{
"name": "51393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51393"
},
{
"name": "20120112 GreenBrowser iframe content Double Free Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0079.html"
}
]
}
}

160
2012/6xxx/CVE-2012-6708.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6708", "ID": "CVE-2012-6708",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.jquery.com/ticket/11290", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.jquery.com/ticket/11290" "lang": "eng",
}, "value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
{ }
"name" : "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d", ]
"refsource" : "MISC", },
"url" : "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://snyk.io/vuln/npm:jquery:20120206", "description": [
"refsource" : "MISC", {
"url" : "https://snyk.io/vuln/npm:jquery:20120206" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", ]
"refsource" : "CONFIRM", }
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" ]
}, },
{ "references": {
"name" : "102792", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102792" "name": "https://snyk.io/vuln/npm:jquery:20120206",
} "refsource": "MISC",
] "url": "https://snyk.io/vuln/npm:jquery:20120206"
} },
} {
"name": "https://bugs.jquery.com/ticket/11290",
"refsource": "MISC",
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "102792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102792"
}
]
}
}

210
2015/1xxx/CVE-2015-1235.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1235", "ID": "CVE-2015-1235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" "lang": "eng",
}, "value": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=456518", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=456518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/blink?revision=190980&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/blink?revision=190980&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3238", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2015/dsa-3238" ]
}, },
{ "references": {
"name" : "GLSA-201506-04", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201506-04" "name": "RHSA-2015:0816",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
"name" : "RHSA-2015:0816", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" "name": "https://code.google.com/p/chromium/issues/detail?id=456518",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=456518"
"name" : "openSUSE-SU-2015:1887", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" "name": "DSA-3238",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3238"
"name" : "openSUSE-SU-2015:0748", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" "name": "https://src.chromium.org/viewvc/blink?revision=190980&view=revision",
}, "refsource": "CONFIRM",
{ "url": "https://src.chromium.org/viewvc/blink?revision=190980&view=revision"
"name" : "USN-2570-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/USN-2570-1" "name": "openSUSE-SU-2015:1887",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
"name" : "1032209", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032209" "name": "GLSA-201506-04",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201506-04"
} },
} {
"name": "1032209",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "USN-2570-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/USN-2570-1"
},
{
"name": "openSUSE-SU-2015:0748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
]
}
}

140
2015/1xxx/CVE-2015-1644.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1644", "ID": "CVE-2015-1644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows MS-DOS Device Name Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-038", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038" "lang": "eng",
}, "value": "Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows MS-DOS Device Name Vulnerability.\""
{ }
"name" : "73998", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73998" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032113", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032113" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "73998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73998"
},
{
"name": "1032113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032113"
},
{
"name": "MS15-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038"
}
]
}
}

130
2015/1xxx/CVE-2015-1662.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1662", "ID": "CVE-2015-1662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1659 and CVE-2015-1665."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-032", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" "lang": "eng",
}, "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1659 and CVE-2015-1665."
{ }
"name" : "1032108", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032108" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032108",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032108"
},
{
"name": "MS15-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032"
}
]
}
}

130
2015/5xxx/CVE-2015-5040.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-5040", "ID": "CVE-2015-5040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969050", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21969050" "lang": "eng",
}, "value": "Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994."
{ }
"name" : "1033974", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033974" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033974"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969050"
}
]
}
}

140
2015/5xxx/CVE-2015-5470.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5470", "ID": "CVE-2015-5470",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/07/6" "lang": "eng",
}, "value": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868."
{ }
"name" : "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/07/10/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
},
{
"name": "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"name": "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
}
]
}
}

140
2015/5xxx/CVE-2015-5909.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5909", "ID": "CVE-2015-5909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205217", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205217" "lang": "eng",
}, "value": "IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery."
{ }
"name" : "APPLE-SA-2015-09-16-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033596", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033596" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1033596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033596"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
}
]
}
}

140
2018/11xxx/CVE-2018-11146.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11146", "ID": "CVE-2018-11146",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}

130
2018/11xxx/CVE-2018-11221.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11221", "ID": "CVE-2018-11221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.hackercat.ninja/post/pandoras_box/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.hackercat.ninja/post/pandoras_box/" "lang": "eng",
}, "value": "Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system."
{ }
"name" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf"
},
{
"name": "https://blog.hackercat.ninja/post/pandoras_box/",
"refsource": "MISC",
"url": "https://blog.hackercat.ninja/post/pandoras_box/"
}
]
}
}

140
2018/11xxx/CVE-2018-11292.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11292", "ID": "CVE-2018-11292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618" "lang": "eng",
}, "value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows."
{ }
"name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.qualcomm.com/company/product-security/bulletins", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.qualcomm.com/company/product-security/bulletins" "lang": "eng",
} "value": "Buffer Overflow in WLAN"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618"
}
]
}
}

150
2018/11xxx/CVE-2018-11454.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC" : "2018-08-07T00:00:00", "DATE_PUBLIC": "2018-08-07T00:00:00",
"ID" : "CVE-2018-11454", "ID": "CVE-2018-11454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15", "product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions" "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
}, },
{ {
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2" "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2"
}, },
{ {
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6" "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6"
}, },
{ {
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2" "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name": "Siemens AG"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-276: Incorrect Default Permissions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
{ }
"name" : "105115", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105115" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105115"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
]
}
}

130
2018/11xxx/CVE-2018-11476.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11476", "ID": "CVE-2018-11476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/66" "lang": "eng",
}, "value": "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication."
{ }
"name" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", ]
"refsource" : "MISC", },
"url" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/"
},
{
"name": "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/66"
}
]
}
}

150
2018/11xxx/CVE-2018-11588.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11588", "ID": "CVE-2018-11588",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" "lang": "eng",
}, "value": "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php."
{ }
"name" : "https://github.com/centreon/centreon/pull/6259", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/centreon/centreon/pull/6259" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/centreon/centreon/pull/6260", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/centreon/centreon/pull/6260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/centreon/centreon/releases", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/centreon/centreon/releases" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/centreon/centreon/releases",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/releases"
},
{
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html",
"refsource": "CONFIRM",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html"
},
{
"name": "https://github.com/centreon/centreon/pull/6260",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/pull/6260"
},
{
"name": "https://github.com/centreon/centreon/pull/6259",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/pull/6259"
}
]
}
}

130
2018/11xxx/CVE-2018-11960.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11960", "ID": "CVE-2018-11960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in HWEngines"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" "lang": "eng",
}, "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel."
{ }
"name" : "106136", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106136" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Use After Free in HWEngines"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106136"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
}
]
}
}

150
2018/15xxx/CVE-2018-15961.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15961", "ID": "CVE-2018-15961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ColdFusion", "product_name": "ColdFusion",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45979", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45979/" "lang": "eng",
}, "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105314", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105314" "lang": "eng",
}, "value": "Unrestricted file upload"
{ }
"name" : "1041621", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041621" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html"
},
{
"name": "105314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105314"
},
{
"name": "1041621",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041621"
},
{
"name": "45979",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45979/"
}
]
}
}

122
2018/3xxx/CVE-2018-3758.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-06-02T00:00:00", "DATE_PUBLIC": "2018-06-02T00:00:00",
"ID" : "CVE-2018-3758", "ID": "CVE-2018-3758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "express-cart", "product_name": "express-cart",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1.7" "version_value": "1.1.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/343726", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/343726" "lang": "eng",
} "value": "Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/343726",
"refsource": "MISC",
"url": "https://hackerone.com/reports/343726"
}
]
}
}

34
2018/7xxx/CVE-2018-7599.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7599", "ID": "CVE-2018-7599",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2018/8xxx/CVE-2018-8154.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8154", "ID": "CVE-2018-8154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Exchange Server", "product_name": "Microsoft Exchange Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 3 Update Rollup 21" "version_value": "2010 Service Pack 3 Update Rollup 21"
}, },
{ {
"version_value" : "2013 Cumulative Update 19" "version_value": "2013 Cumulative Update 19"
}, },
{ {
"version_value" : "2013 Cumulative Update 20" "version_value": "2013 Cumulative Update 20"
}, },
{ {
"version_value" : "2013 Service Pack 1" "version_value": "2013 Service Pack 1"
}, },
{ {
"version_value" : "2016 Cumulative Update 8" "version_value": "2016 Cumulative Update 8"
}, },
{ {
"version_value" : "2016 Cumulative Update 9" "version_value": "2016 Cumulative Update 9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151."
{ }
"name" : "104054", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104054" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040850", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040850" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104054"
},
{
"name": "1040850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040850"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154"
}
]
}
}

460
2018/8xxx/CVE-2018-8333.json
View File

@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8333", "ID": "CVE-2018-8333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333" "lang": "eng",
}, "value": "An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "105507", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105507" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041831", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041831" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105507"
},
{
"name": "1041831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041831"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333"
}
]
}
}

288
2018/8xxx/CVE-2018-8447.json
View File

@ -1,146 +1,146 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8447", "ID": "CVE-2018-8447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer 9", "product_name": "Internet Explorer 9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
} }
] ]
} }
}, },
{ {
"product_name" : "Internet Explorer 11", "product_name": "Internet Explorer 11",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1" "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 7 for x64-based Systems Service Pack 1" "version_value": "Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 8.1 for 32-bit systems" "version_value": "Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "Windows 8.1 for x64-based systems" "version_value": "Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
}, },
{ {
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows Server 2012 R2" "version_value": "Windows Server 2012 R2"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "Internet Explorer 10", "product_name": "Internet Explorer 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2012" "version_value": "Windows Server 2012"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447" "lang": "eng",
}, "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461."
{ }
"name" : "105257", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041632", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041632" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041632",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041632"
},
{
"name": "105257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105257"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8447"
}
]
}
}

34
2018/8xxx/CVE-2018-8984.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8984", "ID": "CVE-2018-8984",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }